[Original] Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.

-
Unaffected program versions

-
Vulnerability discussion

Ecartis is the new name for the Listar software product. Listar is a mailing list management package for Linux, BSD, and other Unix-like operating systems.

Multiple local buffer overflow conditions have been reported in some versions of Ecartis. If successfully exploited, this may result in the execution of arbitrary code. Listar normally runs as the non-privileged user 'listar'. Exploitation of this vulnerability may allow the malicious party to launch further attacks against the system as the user 'listar'.
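The bug class described above (an attacker-controlled command line argument formatted into a fixed-size buffer with sprintf()) is shown below next to a bounded replacement. This is an added illustration, not code from Ecartis or Listar; the function names, the 64-byte buffer size and the `/etc/lists/` path are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define CFG_PATH_MAX 64  /* assumed fixed buffer size, for illustration */

/* Vulnerable pattern: sprintf() writes as many bytes as the argument
 * supplies, so an argument longer than the buffer overruns it.
 * Shown for comparison only; never called here. */
int build_path_unsafe(char *out, const char *arg)
{
    return sprintf(out, "/etc/lists/%s.cfg", arg);
}

/* Hardened form: snprintf() is bounded by the destination size, and the
 * return value is checked so over-long input is rejected rather than
 * silently truncated. Returns 0 on success, -1 on rejection. */
int build_path_safe(char *out, size_t outlen, const char *arg)
{
    int n;

    if (out == NULL || outlen == 0 || arg == NULL)
        return -1;
    n = snprintf(out, outlen, "/etc/lists/%s.cfg", arg);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* leave no partial result behind */
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char path[CFG_PATH_MAX];
    const char *arg = (argc > 1) ? argv[1] : "announce"; /* constructed sample */

    if (build_path_safe(path, sizeof path, arg) != 0) {
        fprintf(stderr, "argument too long, refusing\n");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```

Rejecting over-long input, rather than truncating it, avoids acting on a path or command the caller did not actually supply.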

-
Exploit

The Itch <itchie@promisc.org> and KF <dotslash@snosoft.com> have provided the following exploits: